Lessons from OPCDE DXB 2017

Posted by Matt Suiche | Published on May 2, 2017

Categories: conference

Tags: opcde
Reading time: 4 minutes.

Table Of Contents:

More knowledge. Less buzzwords.

Cyber Figures — Comae Technologies

Ecosystem Growth

One of the main reasons to create OPCDE (pronounced “opcode”) was to establish a point of reference for the MENA technical ecosystem.

Technical communities are the backbone of technology as we know it, without them technology would just be buzzwords devoid of any meaning.

Understanding technology is becoming more and more important, especially as it became a new form of empowerment for both individuals and countries. Cyber security is just a reminder of the lack of understanding people have of technology as it highlights flaws in architectures, infrastructures and softwares.

For this inaugural edition, we made sure to be as inclusive as possible by gathering private and public sectors, local and international, professionals and students but also by encouraging gender and age diversity — which was surprisingly easier than expected compared to past experiences of organizing events in Europe such as Hackito Ergo Sum/No Such Con.

ShadowBrokers CTF Team during OPCDE DXB 2017

In parallel of our conference, we also ran a Capture the Flag for UAE Students where the youngest contestant was 12 years old.

CTF Winning Team during OPCDE DXB 2017

We also organized a round table / Q&A exclusively for students where the audience was in majority composed of female students with , as speakers, Mohamed Saher (NSS), Maarten Van Horenbeeck (Fastly), Bart Inglot (Mandiant), Andrew Reiter (Veracode), Jasiel Spelman (ZDI) and moderated by Shannon Sabens (ZDI).

The conference format was and will remain single track, had a maximum capacity of 150 attendees, gathered 20+ speakers — and last but not least had no sponsored talks.

Quality Content First

Single track conferences are always a good thing as they does not dissolve the attention of attendees and focus on a particular type of crowd who are genuinely interested in the content rather than obtaining a particular social status for attending an event.

“People only go to Coachella just to say they went to Coachella”

Most of successful groups of engineers, security researchers or publications, such as w00w00, l0pht or phrack are respected because they always focused on actual content of what they produced. Focusing on key fundamentals is important step of early stage noise filtering for any projects/groups of individuals/ecosystems often subtitled as “due dilligence”.

Talent growth and of course retention are often problems for ecosystems or companies when those fundamentals are broken or missing.

Matt Weeks showing his speaker gold PCB badge during OPCDE DXB 2017.

As said previously, one of the main focus was to establish a conference with no sponsored talks — purely focused on content delivery.

More RTs than Attendees

Some of the presentations got shared more than 200 times on Twitter. We got more positive feedback than any other regional conferences. The Twitter link to the slides more than one hundred times, and is now approaching 200 stars on GitHub. All of that, only few days after the conference was over.

Appetite for Quality Content

The conference is based on a fundamental which assumes there is always an appetite for quality content. One of the misconception is to design content only for people who are physically attending an event, although — the extended audience of any good event is always the internet. Being self referential for a start-up, an event or even an ecosystem is often pointless in the long run.

The Internet is always the medium deciding what’s important/interesting or not — at least for technology. This is why communities are very important, and why bridging between different communities is a crucial part of any successful ecosystem.

15 ways to break RSA Security by Renaud Lifchitz

One of the fun thing we did for our event was to design Printed Circuit Boards (PCB)-based with gold (ENIG) finishing to avoid common paper/plastic badges like we generally see during regional events.

The badges have been designed by Amsterdam-based Lebanese artist Inaya Fanis Hodeib and SF-based Hardware Engineer (also Founder of Nuand) Robert Ghilduta, before being finally manufactured in Shenzhen and sent to Dubai. Think of them as a representation of the border-less World we live in today.

Students — Staff — Attendees — Speakers

Highlights

Each presentation received positive feedback, the physically present audience was quite surprised to not see any vendor pitch. The limited audience of 150 people also allowed speakers and attendees to get to know each other.

Both our keynote speakers, Maarten and Wim have a strong technical background and are involved at a global scale with multiple security initiatives through FIRST & ISC2 — allowing them to share their personal experiences with us.

CHIPSEC surprised us with a special update supporting 2M firmware signatures to detect hardware backdoors/infections.

Slides

Videos (including the round table) should follow shortly — probably in a month or so. In the meantime, you can find the slides at the GitHub link below.

2018 ?

OPCDE Bali ?

OPCDE Crackme Solution

April 13, 2017 | opcde | Matt Suiche

Thanks to Mohamed Saher for publishing a complete 63 pages solution for the Student Crackme.